Product highlights and recent updates

Bitwarden continuously adds new capabilities and is packed with features to keep businesses secure and delight admins.

How business uses stored items:

• Logins and passkeys - websites, apps, servers, routers, SSH Keys

• Cards - Company credit cards, purchasing cards (P-cards)

• Identities - Shipping addresses, mail stops, executive travel info for assistants

• Secure notes - Sensitive information, security procedures, backup codes

• Log in with device

• SSO with trusted devices

• Passkey login

• Biometric unlock for desktop, mobile apps and browser extension

• PIN unlock

• Activate autofill policy - Autofills logins when webpage loads

• Automatic login with SSO policy - Use shortcuts in your Identity Provider’s dashboard for fast access to websites and a universal SSO experience
  

• SSO with trusted devices allows for users to login without a password

• Users self-approve new logins from other trusted logged-in Bitwarden apps

• Approve from web, mobile and desktop apps, and browser extension
  

• Account recovery administration policy

• Session timeout policy 

• Set other security requirements such as master password and password generator complexity
  

Use Collection management settings to decide how collections work. Note: adjustable only by the organization owner.

• Choose to allow admins and owners to access all items in the organization

• Decide if creating or deleting a collection can only be done by admins

• Give users the power to self-serve directly
  

Set these policies for tighter control

• Account recovery administration

• Single organization

• Remove export

• Require Single Sign-on authentication

• Enforce organization data ownership

Then

• Claim your domain

• Integrate with SIEM tools

• Run Access Intelligence reports
  

The URI (URL or mobile app identifier) verifies the page for autofill

• Create custom URI controls to adjust how autofill matching works

• Block autofill from running on specified domains (compatibility)
  

• Free Bitwarden families plan for every organization member

• Non-members, such as factory workers, can have plans sponsored too

• Reinforces good security practices outside work
  

Set up Bitwarden to use your existing technology infrastructure

• Support for Directory integration, SCIM, SSO Identity Providers, Managed devices, SIEM

• Use Public API and Vault Management API to create your own integratio
  
  

Select innovations and new business features for Bitwarden in 2025.

Included in all Enterprise subscriptions, take action on at-risk credentials associated with high priority applications. Uncover shadow IT and unauthorized applications your members are using, prioritize risk resolution by application, guide employees to make password changes, and track security improvements.

Learn more: Access Intelligence

Users receive proactive notifications about credential security issues directly in their vault. Bitwarden redirects users to the website’s change password form and helps generate and save a new secure password.

Learn more: Change at-risk passwords

Ensure all items saved in Bitwarden are owned by the organization. Users receive a My items location inside the organization vault.

• Allows for complete reporting

• When employees leave the organization, admins are granted access to the user’s My items

Learn more: Enterprise policies

Model Context Protocol (MCP) server is the foundation for secure AI authentication with password management. Use it to write plain text commands to interact with Bitwarden. Designed for use locally with self-hosted Bitwarden servers.

Learn more: Bitwarden sets foundation for secure AI authentication with MCP server

Additional event logging and clearer naming make it easier to understand how the settings affect the organization. In addition, a new option allowing for owners to choose whether members with the Manage collection permission may be allowed to fully delete items from the organization vault.

Learn more: Collection settings

Additional enterprise policies have been added to provide additional control over how Bitwarden organizations work.

• Block account creation for claimed domains

• Remove card item type

• Remove Unlock with PIN

• Default URI match detection

• Remove free Bitwarden Families sponsorship

Learn more: Enterprise policies

Access the Bitwarden vault quickly with any passkey that supports the WebAuthn PRF extension, such as a YubiKey

• Supported in the web app and Bitwarden browser extension

• Does not need the username, password, or two-step login verification - an excellent option for an administrative break-glass account.

Learn more: Log in with passkeys

Import credentials directly from Chromium-based browsers to the Bitwarden vault without needing to export and manage a CSV file. Improves user onboarding experience and admin deployment. Requires the Bitwarden desktop application.

Learn more: Import directly from browser

Simplified SSO authentication flow that reduces login steps and improves the user experience. Users that must login using SSO will have other login options grayed out.

The Bitwarden SSH Agent is built into the Bitwarden desktop application and can be used for authenticating to servers, signing Git commits, and interacting with other SSH based services. This streamlines developer workflows while maintaining centralized organization ownership.

Learn more: SSH Agent

When using SSO with trusted devices, users can self-approve new device logins from an already-authenticated Bitwarden web, mobile and desktop application, and the browser extension. This provides flexible, secure device verification without IT intervention.

Learn more: Approve a trusted device

When an Enterprise organization claims a domain, onboarded organization member accounts that use an email address with a matching domain (e.g. jdoe@mycompany.com) will be claimed by the organization, allowing for greater control of member accounts.

Learn more: Claimed domains